62 Cards in this Set
- Front
- Back
What verifies that a control is functioning properly? |
Security tests |
|
What are comprehensive reviews of the security of a system? |
Security assessments |
|
What is the same as a security assessment, but is performed by an independent auditor? |
Security audits |
|
What is the most important maintenance activity for Information Security? |
Security assessment and testing |
|
True or False. Security assessments include security testing, like scans, pen testing and manual attempts to undermine security, plus a review of the threat environment and value of the system. They result in an assessment report given to management. |
True |
|
Who usually receives the security audit reports? |
Board of Directors or the government |
|
Vulnerability assessments are some of the most important tools. Are they security testing tools or security assessment tools? |
Vulnerability assessments are security testing tools not security assessment tools. |
|
What automatically probes systems looking for weaknesses? |
Vulnerability scans |
|
What scans a range of IP addresses looking for systems with open network ports that are exposed through the network and server firewalls lying on the network path between the scanner and the system? |
Network discovery scans |
|
What is half-open scanning, in which a packet is sent to each scanned port with the SYN flag set? Open ports respond by adding an ACK flag, and the scan report shows the ports and their flags. |
TCP SYN scanning |
|
What is it when a packet is sent with the FIN, PSH, and URG flags set? |
XMAS scanning. A packet with so many flags is said to be lit up like Christmas |
|
What TCP port number is the Microsoft SQL Server database port that should never be open? |
1433 |
|
What TCP port is FTP? |
21 |
|
What TCP port is SSH? |
22 |
|
What TCP port is Telnet? |
23 |
|
What TCP port is SMTP? |
25 |
|
What TCP port is DNS (is used for HTTP)? |
80 |
|
What TCP port is POP3? |
110 |
|
What TCP port is HTTPS? |
443 |
|
What is the most common tool used for network discovery? It is a free open-source tool. It tells you whether a port is Open, Closed, or Filtered (filtered means the scanner cannot determine whether the port is open or closed because a firewall is interfering). |
nmap |
|
What goes deeper than discovery scans and not only detects open ports but also probes a targeted system for known vulnerabilities? These tools contain large databases of known vulnerabilities. |
Network vulnerability scans |
|
What uses special-purpose tools to scan apps for known vulnerabilities? They discover flaws not visible to network vulnerability scanners. |
Web application vulnerability scans |
|
True or False. The PCI DSS (Payment Card Industry Data Security Standard) requires monthly scanning if Web apps do not have dedicated firewalls. |
False. They require annual scanning. |
|
What is the attempt to exploit systems to demonstrate the flaw? |
Penetration Testing |
|
What are the 6 steps of Penetration Testing? |
1. Perform reconnaissance to learn about the system
2. Run network discovery scans to identify open ports
3. Run a network vulnerability scan to identify unpatched vulnerabilities
4. Run an app vulnerability scan to identify app flaws
5. Use exploit tools to automatically attempt to defeat the system
6. Manual probing and attack attempts |
|
What is a popular tool for automatically exploiting a system? It runs a script that executes common attacks (hackers can use it too). |
Metasploit |
|
What are the 3 types of Penetration Tests? |
White box, gray box, black box |
|
What type of pen test is it where the tester has detailed information about the system to speed up the test? |
White box |
|
What type of pen test is it where the tester has partial knowledge of the system? |
Gray box |
|
What type of pen test is a full simulation of an attacker? The tester has no knowledge of the system ahead of time. |
Black box |
|
Which of these reasons are why you should test your software?
a. SW apps often have privileged access to the OS, HW and other resources
b. They routinely handle sensitive information
c. They rely on databases that also contain sensitive information
d. They are critical to the operations of the company. You don't want them to fail. |
All 4 |
|
What is a common (albeit rigid) code review inspection process that follows: Planning > Overview > Preparation > Inspection > Rework > Follow Up |
Fagan |
|
What testing evaluates the security of SW by analyzing the source code or the compiled application? |
Static testing |
|
What testing evaluates the security of SW in a runtime environment? |
Dynamic testing |
|
What provides many different types of input to the SW to stress its limits and find flaws? |
Fuzz testing |
|
What Fuzz testing alters actual values (bit flipping)? |
Mutation Fuzzing (dumb) |
|
What Fuzz testing uses data models to create new fuzzed inputs based on understanding the data used in the SW? |
Generational Fuzzing (intelligent) |
|
What is a standardized way for code modules to interact and may be exposed via web services? |
API (application programming interface) |
|
What type of interface is mostly found in manipulating machinery? If they fail, they could impact the SW. |
Physical interface |
|
Because you cannot test for everything, what is the Test Coverage Analysis formula? |
Test Coverage equals Number of use cases tested divided by the Total number of use cases |
|
What security assessment and testing metrics should you monitor? |
Number of open vulnerabilities
Time to resolve vulnerabilities
Number of compromised accounts
Number of SW flaws detected in preproduction scanning
Repeat audit findings
User attempts to visit known malicious sites |
|
What testing method is used to design new SW tests and ensure the quality of tests? |
Mutation testing. It modifies a program in small ways and then tests the mutant to determine whether it behaves as it should. |
|
What tool is best for scanning for web application & web server vulnerabilities? |
Nikto |
|
What message & event logging standard is commonly used by network and other enterprise devices? |
Syslog |
|
What type of SOC (service organization control) report verifies security, privacy and availability controls and is shared with a broad audience? |
SOC-3. SOC-2 is the same as SOC-3, but is only shared internally or with close partners. SOC-1 reports on the internal controls over financial reporting. |
|
What type of testing is used to ensure that separately developed SW modules properly exchange data? |
Interface testing |
|
What type of network logging allows you to review traffic information between parts of your network? |
Flow logging |
|
These IP ranges are what type of addresses, and can they be accessed from outside the company they belong to?
10.0
172.16.0
192.168.0 |
They are RFC 1918 addresses, which are allocated for private networks. They cannot be accessed from outside except by nefarious means. |
|
What can ensure consistent logging settings across systems? |
Group Policy |
|
Which scan would you use if you didn't have elevated privileges and needed to scan a system to verify open services, TCP connect scan or TCP SYN scan? |
TCP connect scan |
|
True or False. Passive scanning can help identify rogue devices. |
True |
|
What 4 code coverage criteria are commonly used when validating a code testing suite? |
Function, statement, branch, condition coverage |
|
Which interface is not typically tested during SW testing, the network interface or the physical interface? |
Network interface |
|
What protocol handles vulnerability management data? |
SCAP (security content automation protocol) |
|
True or False. Exploiting vulnerabilities is not a hazard during pen testing. |
True. It is not a hazard, it is part of the process. |
|
What should happen right after a vulnerability is found by a scanner (do this before remediation)? |
Validate the issue exists |
|
What is a vulnerability scoring system that compares exploitability, impact, and how they can be remediated? |
CVSS Common Vulnerability Scoring System |
|
What type of vulnerability scan accesses system configuration information including OS details, services and missing patches? |
Authenticated scan. It uses read-only access to system information so it can do a more thorough scan. |
|
Which of these will not help prevent the tampering of data: hashes, digital signatures, filtering, authorization controls? |
Filtering. It is most effective against DoS attacks. |
|
True or False. nmap only scans ports 1-1024 by default. Therefore it misses 64k ports. |
True. You can specify more ports for it to scan, though. |
|
What application threat modeling includes malicious users as well as descriptions like mitigates and threatens? |
Misuse case diagram |
|
CVE databases provide what type of data? |
Vulnerability information (not typically patching information. Patches come from other places) |